Security Top Concern as Health Care Regs Loom
http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88_STO57610,00.html

By JULEKHA DASH
February 12, 2001

Health care organizations scrambling to comply with pending HIPAA rules.

With new government regulations looming, upgrading security has become the top priority this year for health care IT departments.

The 20,000 attendees at the Healthcare Information and Management Systems Society's (HIMSS) annual conference here last week debated everything from reducing medical errors to deploying Internet technologies. But sessions on the Health Insurance Portability and Accountability Act (HIPAA) drew the largest crowds. At one session, guests spilled out into the hallway.

"HIPAA is much bigger in magnitude than Y2k and is larger in scope because it's not a one-time thing," said Soloman Appavu, director of systems planning at Cook County Hospital and Cook County Bureau of Health Services in Chicago.

Lawmakers released the HIPAA regulations, which Congress passed in 1996, in several stages last year. In essence, the regulations require health care organizations to protect the privacy and security of confidential health information and call for standard formats for electronic transactions.

Since the HIPAA regulations require heightened security measures, Bryan Bayley, program manager at Carl T. Haydon VA Medical Center in Phoenix, said he's looking for an alternative to password protection, such as biometric authentication, which involves scanning a person's eye or finger before granting access to protected information.

Many health care companies are preparing for the regulations by changing their existing policies and procedures. Sparks Health System in Fort Smith, Ark., for example, has created a policy education committee to assess its readiness for HIPAA, said Karen McPherson, director of information systems. To start, the committee has asked an attorney to draft a letter for vendors to sign to show that they are HIPAA-compliant.

As health care organizations pour their resources into HIPAA, other projects, such as Internet initiatives, will likely take a back seat this year. Almost two-thirds of respondents to this year's HIMSS leadership survey said their top priority is upgrading security on IT systems to meet HIPAA requirements.

"HIPAA will have a continuing dampening effect on health care IT innovations," said Simmi Singh, a vice president in the health care group at Internet services firm SeraNova Inc. in Edison, N.J.

But Walter Menning, HIMSS board chairman and vice chairman of information systems at the Mayo Clinic in Rochester, Minn., said the survey results revealed not so much a declining interest in Internet initiatives as a shift in priorities caused by looming deadlines for HIPAA compliance.

Late last year, former President Bill Clinton announced the final HIPAA privacy rules [News, Jan. 1]. Most organizations will have two years to comply. Failure to do so could result in civil and/or criminal fines, as well as jail time.

The final security rules are due the middle of this year. However, Bill Braithwaite, senior adviser on health information policy at the U.S. Department of Health and Human Services, said health care organizations will be asked for ongoing feedback.

"It's not a one-time deal. We will be revising these standards, and you will be affecting those standards on an annual basis," Braithwaite said.